Cisco Secure Firewall Management Center Feature Licenses
The Cisco Secure Firewall Management Center feature license type required depends on the software running on the managed device. Secure Firewall Threat Defense devices use Smart licenses, while all other devices use Classic licenses. The management center hardware does not require a license, but the Secure Firewall Management Center Virtual requires an entitlement for each device it will manage. For managed device hardware that is not running threat defense software, see the documentation for your software product.
Management Center Licensing

| Management Center Hardware Model or Virtual Platform | License Requirements |
|---|---|
| Management Center hardware (all models) | No license is required for management center hardware. The management center can manage devices that use both Smart and Classic licenses. |
| Management Center Virtual (all platforms) | The management center virtual requires an entitlement for each device it will manage, whether the devices use Smart or Classic licensing. Starting in release 6.7, the management center virtual in a high-availability pair consumes a license for each registered device in the configuration. |

| License You Assign | Duration | Granted Capabilities |
|---|---|---|
| Essentials | Perpetual or Subscription | Except for Specific License Reservation and the Secure Firewall 3100, Essentials perpetual licenses are automatically assigned with all threat defense devices. User and application control; switching and routing; NAT. For details, see Essentials Licenses. |
| IPS | Subscription | Intrusion detection and prevention; file control; Security Intelligence filtering. For details, see IPS Licenses. |
| Malware defense | Subscription | Malware defense; Secure Malware Analytics; file storage. (IPS license is a prerequisite for a Malware defense license.) For details, see Malware Defense Licenses. |
| Carrier | Subscription for Firepower 4100/9300, Secure Firewall 3100, and Threat Defense Virtual | Diameter, GTP/GPRS, M3UA, and SCTP inspection. For details, see Carrier License. |
| URL Filtering | Subscription | Category and reputation-based URL filtering. For details, see URL Filtering Licenses. (IPS license is a prerequisite for a URL Filtering license.) |
| Management Center Virtual | | The platform license determines the number of devices the management center virtual can manage. For details, see Management Center Virtual Licenses. |
| Export-Controlled Features | Perpetual | Features that are subject to national security, foreign policy, and anti-terrorism laws and regulations; see Licensing for Export-Controlled Functionality. |
| Remote Access VPN: | Subscription or perpetual | Remote access VPN configuration. Your account must allow export-controlled functionality to configure remote access VPN. You select whether you meet export requirements when you register the device. The threat defense can use any valid Secure Client license. The available features do not differ based on license type. For more information, see Secure Client Licenses. |

Required License Type (Smart or Classic) for Managed Devices
Generally, it is the software, not the hardware, that determines whether your device requires a Classic or Smart License.
Note: Some hardware supports either Classic or Smart Licenses, depending on the software running on the device. Make sure you purchase and activate the correct license type for your software. For details, see licensing information for the software product that will run on the device. If you activate the wrong license type, contact Cisco TAC.
Use the information below to determine whether your product requires Classic or Smart Licenses.

| Software | Required License Type |
|---|---|
| Threat Defense | Smart |
| ASA FirePOWER module | Classic |
| NGIPS devices | Classic |

| Device Hardware Model or Virtual Platform | NGIPS Software | Threat Defense Software | ASA FirePOWER Software |
|---|---|---|---|
| Cisco NGIPS for Blue Coat X-Series | Classic | — | — |
| 3D500, 3D1000, 3D2000; 3D2100, 3D2500, 3D3500, 3D4500, 3D6500 (EOL); 3D9900 (EOL) | Classic | — | — |
| Firepower 7010, 7020, 7030, 7050; Firepower 7110, 7115, 7120, 7125; AMP7150 | Classic | — | — |
| Firepower 8120, 8130, 8140; Firepower 8250, 8260, 8270, 8290; Firepower 8350, 8360, 8370, 8390; AMP8050, AMP8150, AMP8350 | Classic | — | — |
| NGIPSv | Classic | — | — |
| Threat Defense Virtual | — | Smart | — |
| ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5516-X | — | Smart | Classic |
| ISA 3000. For supported software versions on this hardware, see the Compatibility Matrix at https://www.cisco.com/c/en/us/support/security/defense-center/products-device-support-tables-list.html. | — | Smart. Versions 6.2.3 and 6.3 support Threat license only. Support for Specific License Reservation was introduced in 6.4. | Classic |
| ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X | — | Smart | Classic |
| ASA 5585-X | — | — | Classic |
| Firepower 1010; Firepower 1100 Series; Firepower 2100 Series; Firepower 4100 Series; Firepower 9300 | — | Smart | — |
| Secure Firewall 3100 Series | — | Smart | — |

Licensing Instructions by Version
Use this table to find feature license instructions by version.

| Software Version | Device Type | Licensing Information For |
|---|---|---|
| 7.7 | Threat Defense | |
| 7.6 | Threat Defense | |
| 7.4 | Threat Defense | |
| 7.3 | Threat Defense | |
| 7.2 | Threat Defense | |
| 7.1 | FTD | |
| 7.0 | FTD | |
| 7.0 | All other supported devices | |
| 6.7 | FTD | |
| 6.7 | All other supported devices | |
| 6.6 | FTD | |
| 6.6 | All others | |
| 6.5 | FTD | |
| 6.5 | All others | |
| 6.4 | FTD | |
| 6.4 | All others | |
| 6.3 | FTD | |
| 6.3 | All others | |
| 6.2.3 | FTD | |
| 6.2.3 | All others | |
| 6.2.2 | FTD | |
| 6.2.2 | All others | |
| 6.2.1 | FTD | |
| 6.2.1 | All others | — |
| 6.2.0.x | FTD | |
| 6.2.0.x | All others | |
| 6.1.0.x | FTD | |
| 6.1.0.x | All others | |
| 6.0.1.x | FTD | The FTD managed by the management center: |
| 6.0.1.x | All others | |
| 6.0.0.x | All except FTD | |
| 5.4.x | Classic | |
| 5.3.1.x | Classic | |

For Assistance
If you have any questions about installing or using feature licenses, contact TAC Support:
- Visit the Cisco Support site at http://support.cisco.com/.
- Email Cisco Support at tac@cisco.com.
- Call Cisco Support at 1.408.526.7209 or 1.800.553.2447.